News Releases

EU General Data Protection Regulation and Why it Impacts U.S. Companies

Media Alert

LONDON, November 17, 2017 – The new General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing the current European data protection regime under Directive 95/46/EC (the Directive). The new regulation governs the security and management of personal data; specifically, it places obligations and restrictions on companies that hold and collect personal data and impacts what they can do with it.

When enacted, the GDPR will apply in all Member States of the European Union and will toughen and harmonize data protection laws throughout the European Union. United States privacy and technology experts are also watching closely as the new law has extra-territorial reach and poses privacy compliance challenges to companies in the United States that have business and customers in the EU.

Baker Botts lawyers Cynthia Cole (U.S.) and Neil Coulson (EU) can discuss the main changes the GDPR will introduce as a new law, including how it:

  • Increases the financial penalties for non-compliance
  • Increases the compliance obligations for businesses
  • Introduces liability for data processors
  • Expands the territorial scope of European Data Protection law
  • Increases the rights of individual data subjects
  • Makes it easier for individuals to enforce their rights

Baker Botts is an international law firm whose lawyers practice throughout a network of offices around the globe. Based on our experience and knowledge of our clients' industries, we are recognized as a leading firm in the energy, technology and life sciences sectors. Since 1840, we have provided creative and effective legal solutions for our clients while demonstrating an unrelenting commitment to excellence. For more information, please visit

Related Professionals